
TABLE OF CONTENTS...Mr. Sancenito’s professional experience includes more than 12 years as a sworn Law Enforcement Officer. He is a former County Detective with the Cumberland County


PACFE ANNUAL FRAUD CONFERENCE
Thursday, August 12, 2010
Giant Community Center, Camp Hill PA

TABLE OF CONTENTS

7:45 A.M. REGISTRATION, CONTINENTAL BREAKFAST & NETWORKING

8:15 A.M. WELCOME REMARKS & INTRODUCTIONS

8:30 A.M. DEMYSTIFYING DIGITAL FORENSICS
JOHN J. SANCENITO, INFORMATION NETWORK ASSOCIATES, INC.

10:10 A.M. REFRESHMENT BREAK & NETWORKING

10:25 A.M. HOT TOPICS IN PENNSYLVANIA FRAUD
STEVEN J. LATZER, MONTGOMERY COUNTY DEPUTY DISTRICT ATTORNEY & CHIEF OF STAFF

11:15 A.M. LEGAL ELEMENTS OF A FRAUD INVESTIGATION
THOMAS A. FRENCH, ESQUIRE, RHOADS & SINON LLP

12:05 P.M. LUNCHEON & NETWORKING

12:55 P.M. FRAUD AND RISK MITIGATION: KNOWLEDGE & STRATEGIES
JOESEPH R. KRZYWICKI, CTP; GARY J. BUKEAVICH, CTP, PNC BANK TREASURY MANAGEMENT

1:45 P.M. MANAGING THE INTERNAL AND EXTERNAL EXPECTATIONS GAP
MICHAEL BREON, CPA, CFE, CIA, PERTROLANCE, LLC

2:35 P.M. REFRESHMENT BREAK & NETWORKING

2:50 P.M. E DISCOVERY / IMPLICATIONS OF WEB 2.0 AND SOCIAL NETWORKS
NATHAN C. PLATT, ESQUIRE

4:30 P.M. CLOSING REMARKS


Information Network Associates, Inc. 5235 North Front Street Harrisburg, PA 17110

800-443-0824 717-599-5505 • 717-599-5507 (fax)

JOHN J. SANCENITO

John J. Sancenito is the President of Information Network Associates, Inc. (INA), an investigative and corporate consulting firm headquartered in Harrisburg, Pennsylvania. INA offers a broad range of investigative services including fraud investigation, forensic accounting and digital forensics.

Mr. Sancenito’s professional experience includes more than 12 years as a sworn Law Enforcement Officer. He is a former County Detective with the Cumberland County Pennsylvania District Attorney's Office, where he supervised the Insurance Fraud, Auto Theft, and Technical Services Units. He is the former Chairman of the Pennsylvania Insurance Fraud Prevention Authority Advisory Committee and a former member of the Pennsylvania Auto Theft Prevention Authority Advisory Committee.

INA conducts investigations and risk management consulting for government and corporations nationwide. INA has been in business since 1982 and is the largest private investigative agency in the mid-state. INA has a staff of highly trained certified digital forensic technicians and a fully equipped digital forensic laboratory located near Harrisburg, Pennsylvania.

Demystifying Digital Forensics

Presented by:

John J. Sancenito

Copyright © INA, Inc. 2010

Overview

• Questions to be answered:
  – What is digital forensics?
  – What are the applications of digital forensics?
  – What types of devices can be examined?
  – Is there really a difference between “Information Technology” and “Digital Forensics”?
• Stages of Digital Forensics:
  – Acquisition
  – Authentication
  – Analysis
  – Documentation
• Case Study

What is Digital Forensics?

• Digital Forensics - collection, preservation, analysis, and presentation of electronic and computer-related evidence
• AKA:
  – “Computer Forensics”
  – “Data Forensics”
• Follows protocols that are objective, repeatable and withstand legal scrutiny

Applications of Digital Forensics

• Digital forensics is one of many tools available to support an audit, investigation or inquiry.
• Additional uses include identification of digital artifacts relative to:
  – Hidden assets
  – Infidelity / Evidence of Romantic Relationships
  – Pornography
  – Email and Instant Messenger History
  – Conflict of Interest
  – File Recovery
  – Child Custody
  – Record Falsification

Where is the Data?

What can be examined?
• Servers
• Magnetic tape data storage
• Desktops
• Laptops
• PDAs & Handhelds
• CD / DVD / Blu-Ray
• Flash drives (USB)
• iPods / MP3 players
• Digital cameras
• Cell phones
• Databases
• Security systems
• Credit card DBs
• Voice mail
• Floppy Disks
• Digital picture frames
• Printers
• Obsolete computer equipment

From Herbert Roitblat, Ph.D, OrcaTec LLC (Ojai, CA)

Legal Authority

• Consent / Permission from the owner
  – Personally owned computers require consent of owner
  – Spouse can generally give consent for a personally owned computer
  – For corporations, a well-documented IT Acceptable Use Policy is critical
• E-discovery motion granted by court
• Court order: Judiciary insistence
• Laws vary by jurisdiction

City of Ontario v. Quon (June 17, 2010)

• Several officers from an Ontario, California, police department were caught sending sexually explicit text messages on department-issued two-way pagers.

• An appeals court ruled that because employees were informally given the option of paying for private messages, they had a right to reasonably expect the content of those messages to be private.

• The US Supreme Court reversed, holding that the search of Quon's text messages was reasonable and did not violate the 4th amendment. The search was motivated by a legitimate work-related purpose, and it was not excessive in scope.

Accessing Electronically Stored Data

E-mail
• May be available from company server or may require access to device.
• Cached versions may be available on the device.
• Passwords for personal e-mail accounts may also be stored on device.
  – Personal accounts on third party devices cannot be accessed without consent!

Accessing Electronically Stored Data

Instant Messaging / Chat logs
• Chat logs may be available on company server or device

Internet Usage
• Internet History logs of websites visited
• Times accessed and length of time user spent on website

Consent to Access Device

• Written Consent Statement
• IT Acceptable Use Policy
  – Does it cover what is being examined?
    • USB drive, hard drives, email server, file server
    • Are you permitted to have access to the physical machine AND the data residing on it?
    • Ex: An individual can give you access to an email server but are you actually permitted to review someone’s email?
• Laws can vary significantly (ex: Email Server in UK)

Four Stages of Digital Forensics

• Acquisition
• Authentication
• Analysis
• Documentation


Stage 1: Acquisition


Cloning, Mirroring, and Imaging

• All terms may refer to the same process of copying data bit-for-bit.
• Method and tools used determine end result:
  – Forensically sound:
    • Duplicate that is a complete and accurate representation of the original data on a subject hard drive (as verified by hash)
  – “Read/Write” Blockers:
    • Positioned between suspect hard drive and imaging device
    • Ensures original data will NOT be modified during imaging process
    • Examples - Digital Intelligence FireFly, Paraben Lockdown, etc.
  – Software available specifically for forensic data acquisition:
    • Examples – Forensic Toolkit (FTK), EnCase, etc.

Acquisition: Imaging

[Image: Example of Write Blocker]

Acquisition: Imaging

[Diagram: Original (Subject) Drive and Evidence Drive]

Acquisition: Mobile Imaging

[Diagram: Original (Subject) Drive and Evidence Drive(s)]


Stage 2: Authentication

What is a Hash?

“DIGITAL FINGERPRINT”

Original (Subject) Hard Drive, SHA1: ADF22C18DA95EE964AF994CE9F905A3031ED2175

Evidence Hard Drive, SHA1: ADF22C18DA95EE964AF994CE9F905A3031ED2175

HASHES MATCH - SUCCESS!

Mathematical comparison of data – if imaging is conducted properly, original data is unaffected by examiner’s actions.
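The comparison on this slide, as an added example that is not part of the original presentation: a block-by-block copy that fingerprints the subject data as it is read, then re-reads the finished evidence copy and compares the two. The sample "drive" bytes and all function names are constructed for illustration; SHA-256 is recorded next to the slide's SHA1 because SHA-1 collisions have since been demonstrated.

```python
import hashlib
import io

BLOCK_SIZE = 64 * 1024  # imaging tools read the source block by block

# Constructed stand-in for a subject drive (not real evidence), about 75 KB.
SAMPLE_SUBJECT = (b"\x00" * 512
                  + b"BOSCOV's Application FN: John LN: Doe"
                  + bytes(range(256)) * 300)


def read_blocks(stream, block_size=BLOCK_SIZE):
    """Yield the stream's contents in fixed-size blocks until end of data."""
    while True:
        block = stream.read(block_size)
        if not block:
            return
        yield block


def fingerprint(blocks):
    """Hash every block in order and record the size, SHA-1 and SHA-256."""
    sha1, sha256, size = hashlib.sha1(), hashlib.sha256(), 0
    for block in blocks:
        sha1.update(block)
        sha256.update(block)
        size += len(block)
    return {"bytes": size,
            "sha1": sha1.hexdigest().upper(),
            "sha256": sha256.hexdigest().upper()}


def acquire(subject, evidence):
    """Copy subject to evidence; return the fingerprint of what was read."""
    def copied_blocks():
        for block in read_blocks(subject):
            evidence.write(block)
            yield block
    return fingerprint(copied_blocks())


def verify(evidence):
    """Re-read the finished evidence copy from the start and fingerprint it."""
    evidence.seek(0)
    return fingerprint(read_blocks(evidence))


def authenticate(acquisition, verification):
    """Compare the two fingerprints field by field."""
    mismatched = [key for key in ("bytes", "sha1", "sha256")
                  if acquisition[key] != verification[key]]
    return {"match": not mismatched, "mismatched": mismatched}


def demo():
    """Image the sample, verify it, then verify a copy with one bit flipped."""
    evidence = io.BytesIO()
    acquisition = acquire(io.BytesIO(SAMPLE_SUBJECT), evidence)
    intact = authenticate(acquisition, verify(evidence))

    altered = bytearray(evidence.getvalue())
    altered[1000] ^= 0x01  # a single-bit change anywhere in the copy
    changed = authenticate(acquisition, verify(io.BytesIO(bytes(altered))))
    return acquisition, intact, changed


if __name__ == "__main__":
    acquisition, intact, changed = demo()
    print("acquisition record:", acquisition)
    print("evidence copy:", intact)
    print("copy with one flipped bit:", changed)
```

The acquisition record (size and digests) is what goes into the imaging documentation, so the same verification can be repeated later by anyone holding the evidence copy.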


Stage 3: Analysis


Analysis: What can be Recovered?

• Normal / Deleted / Hidden files
• Encrypted or password protected documents
• Data relating to networks (LAN, WAN, etc.)
• Images (pornography)
• Identification of “second set of books”
• Other relevant data capture (e.g. email, other correspondence, network and Internet usage, recently typed words or phrases, etc.)
• Web browsing activity
• Document revisions

Analysis: Deleted Files

[Diagram: two files on disk, labeled “File One” and “File Two”. Contents shown: “Apply For BOSCOV’s Credit Today!”; “Type: Visa, CC#: 1234-5678-1234-5678, CVC: 123”; “BOSCOV’s Application, FN: John, LN: Doe”.]

Analysis: Deleted Files (cont.)

[Diagram: the same disk with the first file now labeled “(Deleted) File One” beside “File Two”. The same contents are still shown: “Apply For BOSCOV’s Credit Today!”; “BOSCOV’s Application, FN: John, LN: Doe”; “Type: Visa, CC#: 1234-5678-1234-5678, CVC: 123”.]

Analysis: Deleted Files (cont.)

[Diagram: disk regions labeled “File Three”, “File Two”, “Slack” and “Unallocated Space”. Contents still shown: “BOSCOV’s Application, FN: John, LN: Doe”; “Type: Visa, CC#: 1234-5678-1234-5678, CVC: 123”.]

Analysis: How Is It Found

• A Blend of Art and Science
• File Type (not by file extension)
  – File Header Analysis
  – Data Carving - Deleted Files, Unallocated Space
• Application Software “Behavior”
• Keyword Searching
• Image Analysis
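File header analysis and data carving as listed above, in an added example that is not from the presentation: file types are recognised by their leading signature bytes rather than by extension, and complete header-to-footer runs are located in slack and unallocated clusters. The four-cluster image, its allocation map and the function names are constructed for illustration.

```python
CLUSTER = 512                      # constructed cluster size for the sample
MAX_CARVE = 10 * 1024 * 1024       # stop looking for a footer after 10 MB

# Well-known header and footer byte sequences for three file types.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def identify(data):
    """Return the file type indicated by the leading bytes, or None."""
    for name, (header, _footer) in SIGNATURES.items():
        if data.startswith(header):
            return name
    return None


def carve(image, cluster_size=CLUSTER):
    """Scan raw bytes for header..footer runs, ignoring the file system."""
    hits = []
    for name, (header, footer) in SIGNATURES.items():
        start = image.find(header)
        while start != -1:
            end = image.find(footer, start + len(header), start + MAX_CARVE)
            if end != -1:
                end += len(footer)
                hits.append({"type": name,
                             "offset": start,
                             "cluster": start // cluster_size,
                             "data": image[start:end]})
            start = image.find(header, start + 1)
    return sorted(hits, key=lambda hit: hit["offset"])


def region(hit, allocation, cluster_size=CLUSTER):
    """Classify a hit as allocated data, file slack or unallocated space."""
    used = allocation.get(hit["cluster"])      # bytes a live file uses there
    if used is None:
        return "unallocated"
    return "slack" if hit["offset"] % cluster_size >= used else "allocated"


def build_sample_image():
    """Constructed volume: two live files, one slack remnant, one deleted file."""
    file_two = b"BOSCOV's Application\nFN: John\nLN: Doe\n"
    file_three = b"File Three: short note written after File One was deleted\n"
    old_jpeg = b"\xff\xd8\xff\xe0" + b"remnant-of-deleted-picture" + b"\xff\xd9"
    deleted_pdf = b"%PDF-1.4\nApply For BOSCOV's Credit Today!\n%%EOF"

    c0 = file_two.ljust(CLUSTER, b"\x00")
    # File Three reuses a cluster; older data survives past its end (slack).
    c1 = (file_three.ljust(200, b"\x00") + old_jpeg).ljust(CLUSTER, b"\x00")
    # No directory entry points here any more, but the bytes are still present.
    c2 = (b"\x00" * 64 + deleted_pdf).ljust(CLUSTER, b"\x00")
    c3 = b"\x00" * CLUSTER
    allocation = {0: len(file_two), 1: len(file_three)}  # absent = unallocated
    return c0 + c1 + c2 + c3, allocation


def demo():
    """Return (type, byte offset, region) for every carved object."""
    image, allocation = build_sample_image()
    return [(hit["type"], hit["offset"], region(hit, allocation))
            for hit in carve(image)]


if __name__ == "__main__":
    for found in demo():
        print(found)
    # A file named notes.txt whose content starts with a PDF header:
    print("notes.txt is really:", identify(b"%PDF-1.4\nrenamed document"))
```

Header-to-footer carving assumes the file's clusters are contiguous; a fragmented file comes out truncated or mixed with foreign data, which is why carved objects are validated before they are relied on.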


Analysis: Impact of Searching for Files

• Running searches for files, traversing the directory structure, double-clicking on files, right-clicking on files, copying files, etc. will CHANGE the state of files and the computer system

• The philosophy should be to minimize system impacts and specifically document all actions taken


Stage 4: Documentation


Documentation

• Legal Authority and IT Acceptable Use Policy
• Documentation of the Evidence Scene
• Chain of Custody
• Forensic Imaging Process
• Analysis of Dataset
• Case Report


Documentation: Case Report

• Objective presentation of the facts using non-technical terms.

• Easily understood by a non-technical audience.

• Supported by evidence and analysis.


Analysis: Password Recovery

• “Brute Force”
  – Might be OK for weak encryption
  – Can task multiple computers to assist
• Registry obfuscation
• Heuristics – Building a Dictionary
  – Collection of registry information
  – Indexing of dataset
  – Analysis/interview of subject

Analysis – Steganography

Possible Uses for Steganography:
• Maintaining anonymity
• Pornography
• Secret communications
• Terrorism (alleged)

• Steganography is the art and science of hiding messages in such a way that no one other than the sender and recipient suspects the existence of the message
• Differs from encryption in that instead of protecting data, “steg” will hide its existence; messages do not attract attention to themselves

Analysis – Steganography (cont.)

“The strike is at midnight!”

What can be hidden in a digital picture?
• (other) Pictures
• Audio
• Text
• Web pages
• Many additional file formats

Other files can also host hidden information! (i.e. – pictures within audio, audio within audio, etc.)

• Steganalysis is the art and science of detecting messages hidden using steganography
• Best case scenario:
  – original, unmodified file is available for comparison
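The best-case comparison named above, as an added example that is not from the presentation: when the original file is on hand, a byte-level diff shows how many bytes changed, where, and in which bit positions. The "pixel data" and the three altered copies are constructed for illustration, and the function names are this example's own.

```python
import hashlib


def compare_to_original(original, suspect):
    """Describe how a suspect file differs from its known original."""
    report = {
        "identical": hashlib.sha256(original).digest()
                     == hashlib.sha256(suspect).digest(),
        "length_delta": len(suspect) - len(original),
        "changed_bytes": 0,
        "first_offset": None,
        "last_offset": None,
        "bit_planes": [],
        "verdict": "identical to original",
    }
    if report["identical"]:
        return report

    planes = set()
    for offset, (a, b) in enumerate(zip(original, suspect)):
        delta = a ^ b                      # set bits mark the changed bits
        if delta:
            report["changed_bytes"] += 1
            if report["first_offset"] is None:
                report["first_offset"] = offset
            report["last_offset"] = offset
            planes.update(bit for bit in range(8) if (delta >> bit) & 1)
    report["bit_planes"] = sorted(planes)

    if report["length_delta"] > 0 and report["changed_bytes"] == 0:
        report["verdict"] = "data appended after original content"
    elif report["length_delta"] == 0 and planes == {0}:
        report["verdict"] = "changes confined to least significant bits"
    else:
        report["verdict"] = "content differs; not an LSB-only change"
    return report


def build_samples():
    """Constructed original plus three constructed altered copies."""
    original = bytes((i * 37 + 11) % 256 for i in range(1200))

    lsb_changed = bytearray(original)
    for i in range(0, 400, 3):             # flip only bit 0 of selected bytes
        lsb_changed[i] ^= 0x01

    appended = original + b"constructed trailing data"

    edited = bytearray(original)
    edited[10] ^= 0xF0                      # a visible, high-bit change

    return original, bytes(lsb_changed), appended, bytes(edited)


def demo():
    original, lsb_changed, appended, edited = build_samples()
    return {
        "same": compare_to_original(original, original),
        "lsb": compare_to_original(original, lsb_changed),
        "appended": compare_to_original(original, appended),
        "edited": compare_to_original(original, edited),
    }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

A file that looks identical on screen but differs only in bit 0 across a run of bytes, or carries extra bytes after its original content, is the pattern that justifies a closer examination.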

Why Outsource Computer Examinations?

• Forensic work requires specialized utilities and specialized training.
  – Ensure all artifacts and evidence are properly examined and placed in appropriate context.
  – Prevent inadvertent modifications/deletions of evidence.
  – Ensure court admissibility.
• Investigative analysis is different than traditional IT troubleshooting.
• Ensure objectivity in reporting.
• Ensure confidentiality.

How to Challenge Digital Forensics

• Question the process
  – Legal authority
  – Documentation
    • Chain of Custody
    • Forensic procedures to image the dataset
    • Preservation of the original
  – Forensic Tools (Software and Hardware)
    • Type, Version, Licensing
    • Functionality

How to Challenge Digital Forensics (cont.)

• Question the examiner
  – Experience and certifications
  – Actions taken for anomalies
• Question the conclusions
  – “Overstatement” of facts
  – Incomplete analysis

Case Study: $5.2 M Embezzlement

#1) Financial Discrepancy Encountered
#2) Forensic Audit / Accounting
#3) Digital Forensic Analysis


Case Study: $5.2 M Embezzlement

• The General Accounting Manager of a multi-national, privately held corporation resigns.

• An executive overseas identifies a suspicious invoice from a vendor.

• Digital forensic examination conducted - analysis recovered deleted spreadsheets, emails, invoices, and documents.

• Vendor identified as a company owned by the former General Accounting Manager’s wife.

• Former Employee interviewed and confessed.

• Evidence turned over to the FBI. Accountant convicted of mail fraud, wire fraud, and money laundering.


Case Study: Conflict of Interest

• Sales Manager for a company leaves unexpectedly and is suspected of being involved with a competitor.

• Computer returned after data had been deleted.

• A digital forensic examination is conducted on his laptop and desktop computers.

• E-mails, documents, corporate records, financial spreadsheets recovered.

• Information allowed company to file for a court injunction against the other company.


Summary

• Anything holding electronic data may be evidence.

• Legal authority is required (consent and IT Acceptable Use Policy).

• Even intentionally destroyed/deleted data may be recoverable.

• The examiner and the examination process must withstand close scrutiny.


Questions?

http://www.ina-inc.com

Closing Remarks

John Sancenito
President
Information Network Associates, Inc.
5235 N. Front St.
Harrisburg, PA 17110
717-599-5505

STEVEN J. LATZER DEPUTY DISTRICT ATTORNEY

CHIEF OF STAFF

Steven J. Latzer is a Deputy District Attorney and Chief of Staff for the Montgomery County, PA Office of the District Attorney. As such, he manages all administrative functions of the office, supervises the Civil Forfeiture Unit, and handles all budget-related matters. Deputy Latzer also serves as a senior advisor to the Economic Crimes Unit, and prosecutes select high-profile criminal cases.

Prior to assuming the Chief of Staff position in 2008, Mr. Latzer managed the Economic Crimes Unit within the Office. He was responsible for managing all white collar fraud investigations, and prosecuting the most significant economic crimes that occur within Montgomery County, including all insurance fraud and arson-related offenses. Mr. Latzer is also cross-designated as a Special Deputy Attorney General.

Mr. Latzer graduated from George Washington University in 1989 with a Bachelor of Arts Degree in International Affairs. In 1993, he received his law degree from the Villanova University School of Law. Mr. Latzer joined the District Attorney’s Office in 1998, and was promoted to Chief of the Economic Crimes Unit in 2002. In 2008, he was appointed Chief of Staff by District Attorney Risa Vetri Ferman. In January 2002 and January 2006, Mr. Latzer was awarded Special Commendations for outstanding service to the Office of the District Attorney. In 2003, he received the “Public Service Award” for outstanding achievement from the International Association of Special Investigative Units. In 2007, Mr. Latzer received his office’s highest recognition - the District Attorney’s Medal - for successfully prosecuting difficult economic and homicide cases. Mr. Latzer was also named “2007 Prosecutor of the Year” by the Delaware Valley International Association of Financial Crimes Investigators.

Mr. Latzer is an active member of the La Salle University Fraud & Occupational Abuse Advisory Board, the National White Collar Crime Center, the Association of Certified Fraud Examiners, and the International Association of Special Investigative Units. He is also an adjunct professor at LaSalle University and Montgomery County Community College, where he teaches Fraud, Criminal Justice, Criminal Law, and Criminal Investigation. Mr. Latzer routinely provides training lectures to various law enforcement agencies, community groups, and students concerning criminal law, white-collar crime and other types of economic fraud.


THOMAS A. FRENCH, ESQUIRE

Thomas A. French is the senior banking and business litigator at the Harrisburg, Pennsylvania law firm of Rhoads & Sinon LLP. As part of his practice for the last 27 years, he has represented banks, trust companies, and other fiduciaries in cases involving lender liability, employment matters, asset recovery, professional and fiduciary liability, and estate and trust disputes. In addition, Mr. French counsels corporate clients in their legal responsibilities and liabilities regarding electronically stored information. In this area, Mr. French helps clients develop systems to minimize the cost and liability associated with maintaining and producing electronic data in litigation, and defends these systems when they are challenged in Court. He has served as an adjunct faculty member at the Widener and Penn State Law Schools, and is a veteran of the War in Afghanistan where he served as a JAG Officer with the United States Army.

Legal Elements of a Fraud Investigation

Thomas A. French, Esquire

Rhoads & Sinon LLP

Elements of Fraud According to Pennsylvania State Law

• A Representation;
• Material to the transaction at hand;
• That is made falsely, with knowledge of its falsity or recklessness as to whether it is true or false;
• With the intent of misleading another into relying on it;
• Justifiable reliance on the misrepresentation;
• The resulting injury was proximately caused by the reliance.

• Gibbs v. Ernst, 647 A.2d 882, 889 (Pa. 1994).

Damages in Fraud Claims

• Actual loss

• Costs and expenditures incurred by injured party

• Nominal damages

• Punitive damages


E-Discovery

• Generally
• "Discovery is the ascertainment of that which was previously unknown; the disclosure or coming to light of what was previously hidden; the acquisition of notice or knowledge of given acts or facts."
• Black's Law Dictionary

E-Discovery and the Federal Rules of Civil Procedure

• Rule 16(b) requires parties to consider electronically stored information (ESI) in their scheduling order/pre-trial conference.

• Rule 26(a) & (f) requires each party to provide a general description of available ESI and to create a discovery plan which lists what ESI will be relied upon, how ESI is stored, issues relating to privilege, and in what form the information will be produced.

E-Discovery — Duties to Preserve, Search, and Produce ESI

• Preservation
• Legal Hold

• Search/Production

• Can be an expensive process

Admissibility of Evidence

• Relevance

• Authenticity

• Hearsay

• Original Writing v. Duplicate

• Probative Value and Unfair Prejudice, etc.

Relevance

• Pa. R. Evid. 401 — "Relevant evidence" means evidence having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence.

• Identical to Fed. R. Evid. 401

• The threshold standard of relevancy is extremely low.


Relevance (continued)

• Relevant evidence must be both "material" and have "probative value."

• Southard v. Temple Univ. Hosp., 731 A.2d 603 (Pa. Super. 1999).

• "Material"

• Bears upon a matter that is properly an issue in the case according to the substantive law applicable to a claim or defense

• "Probative Value"

• The degree to which the evidence alters the probabilities of the existence or nonexistence of a fact

Relevance (continued)

• Pa. R. Evid. 402 — All relevant evidence is admissible, except as otherwise provided by law. Evidence that is not relevant is not admissible.

• Nearly identical to Fed. R. Evid. 402
• Black letter law of relevancy

Authenticity

• Pa. R. Evid. 901(a) — The requirement of authentication as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.

• Identical to Fed. R. Evid. 901(a)
• When a party offers evidence contending either expressly or impliedly that the evidence is connected with a person, place, thing or event, the party must provide evidence sufficient to support a finding of the contended connection.

•See Commonwealth

a,s4u1p4erA.626d 606 A

( .129d871?.0 " "2);


Hearsay

• Pa. R. Evid. 801(c) — "Hearsay" is a statement, other than one made by a declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted.

• Identical to the definition of "hearsay" as found in Fed. R. Evid. 801(c)
• Both the Pennsylvania and Federal Rules of Evidence have a multitude of exceptions which permit the admissibility of hearsay evidence.

Exclusion of Relevant Evidence

• Pa. R. Evid. 403 — Although relevant, evidence may be excluded if its probative value is outweighed by the danger of unfair prejudice, confusion of the issues, or misleading the jury, or by considerations of undue delay, waste of time, or needless presentation of cumulative evidence.

• Fed. R. Evid. 403 — Although relevant, evidence may be excluded if its probative value is substantially outweighed by the danger of unfair prejudice, confusion of the issues, or misleading the jury, or by considerations of undue delay, waste of time, or needless presentation of cumulative evidence.


Original vs. Duplicative Documents

• Pa. R. Evid. 1003 — A duplicate is admissible to the same extent as an original unless (1) a genuine question is raised as to the authenticity of the original or (2) in the circumstances it would be unfair to admit the duplicate in lieu of the original.

• Identical to Fed. R. Evid. 1003


Exclusion of Relevant Evidence (continued)

• The absence of the word "substantial" from Pa. R. Evid. 403 is intended to conform the Rule to the rigidity to which Pennsylvania courts have balanced the countervailing considerations.

• Close questions in balancing relevancy and adverse consequences of an item of evidence shall be resolved in favor of admissibility.

• Henery v. Shadle, 443 Pa. Super. 331, 661 A.2d 439 (1995).


Chain of Custody of ESI

• The purpose of testimony concerning the chain of custody is to prove that evidence has not been altered or changed from the time it was collected throughout production in court.

• The "chain of custody" rule is a variation of the requirement under Fed. R. Evid. 901(a) that evidence must be properly authenticated or identified prior to being admitted.

• United States v. Tt_asig, 85 F.3d 1207, 1213 (4th Cir. 1995).


Chain of Custody — Foundation for Admissibility

• Documentation of the methodology used in the forensic acquisition of ESI contained on storage media, such as hard drives

• Chain of custody of the ESI during and after the retrieval process


Chain of Custody Testimony

• Includes documentation on how the data was gathered, transported, analyzed, and preserved for production

• This information is highly relevant because data can be easily altered.
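
One way to keep the custody documentation described above tamper-evident, as an added example that is not part of the original slides. The hash-chained log, its field names and the sample events are assumptions made for illustration; the four stages are the ones the slide names.

```python
import copy
import hashlib
import json

# The four stages named on the slide: gathered, transported, analyzed, preserved.
STAGES = ("gathered", "transported", "analyzed", "preserved")
GENESIS = "0" * 64  # assumed marker meaning "no previous entry"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash every field of a custody entry except its own stored digest."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


def append_entry(log, stage, custodian, timestamp, evidence, note=""):
    """Record one custody event, bound to the evidence hash and the prior entry."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage: {stage}")
    entry = {
        "seq": len(log),
        "stage": stage,
        "custodian": custodian,
        "timestamp": timestamp,
        "evidence_sha256": sha256_hex(evidence),
        "note": note,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log, evidence):
    """Return a list of problems; an empty list means log and evidence agree."""
    if not log:
        return ["log is empty"]
    problems = []
    baseline = log[0]["evidence_sha256"]  # hash taken at acquisition
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i:
            problems.append(f"entry {i}: unexpected sequence number")
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry_digest(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: record edited after it was written")
        if entry["evidence_sha256"] != baseline:
            problems.append(f"entry {i}: evidence hash differs from acquisition")
        prev = entry["entry_hash"]
    if sha256_hex(evidence) != baseline:
        problems.append("evidence as produced differs from the acquisition hash")
    return problems


def build_sample_log():
    """Constructed sample: a stand-in 'image' and one event per stage."""
    image = b"constructed stand-in for a forensic disk image"
    log = []
    append_entry(log, "gathered", "Examiner A", "2010-08-12T09:00:00Z", image,
                 "constructed note: imaged from source drive")
    append_entry(log, "transported", "Courier B", "2010-08-12T11:30:00Z", image)
    append_entry(log, "analyzed", "Examiner A", "2010-08-13T08:15:00Z", image)
    append_entry(log, "preserved", "Evidence Clerk C", "2010-08-13T17:00:00Z", image)
    return log, image


if __name__ == "__main__":
    log, image = build_sample_log()
    print("intact:", verify_log(log, image))
    edited = copy.deepcopy(log)
    edited[1]["custodian"] = "Unknown"  # someone rewrites the transport record
    print("edited record:", verify_log(edited, image))
    print("altered data:", verify_log(log, image + b"\x00"))
```

The hash of the final entry should also be recorded outside the log (for example in the examiner's report), because an edit to the last entry followed by rehashing has no later link to break.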


Discovery of Experts

• Expert Interrogatories

• Expert Reports


Rules of Evidence Governing Experts

• Pa. R. Evid. 702 — If scientific, technical or other specialized knowledge beyond that possessed by a layperson will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training or education may testify thereto in the form of an opinion or otherwise.

• Pa. R. Evid. 702 differs from Fed. R. Evid. 702 only in that the words "beyond that possessed by a lay person" have been added to the Pennsylvania Rule.


Daubert Standard for Expert Testimony

• Applicable to expert testimony in all federal court cases

• Daubert v. Merrell Dow Pharmaceuticals, 509 U.S. 579 (1993).

• District judges assume a "gatekeeping" role to "ensure that any and all scientific testimony or evidence admitted is not only relevant, but reliable."

• A district judge must make a preliminary finding regarding whether the reasoning and methodology employed by an expert is scientifically valid and can be applied to the facts in the particular dispute.


Daubert Factors of Scientific Reliability

• Whether the expert's technique or theory can be or has been tested — that is, whether the expert's theory can be challenged in some objective sense or is instead a subjective, conclusory approach that cannot be reasonably assessed for reliability

• Whether the technique or theory has been subject to peer review and publication

• The known or potential rate of error of the technique or theory when applied

• The existence and maintenance of standards and controls

• Whether the technique or theory has been generally accepted in the scientific community


Extension of Daubert

• Kumho Tire Co. v. Carmichael, 526 U.S. 137 (1999).

• Extends the gatekeeping function to testimony also based on technical and other specialized knowledge and the determination of reliability of expert's testimony in light of the particular facts and circumstances of the particular case.


Frye Standard for Expert Testimony

• The Frye test directs that the "admissibility of the evidence depends upon the general acceptance of its validity by those scientists active in the field to which the evidence belongs." Topa, 369 A.2d at 1281 (referring to the standard developed in Frye v. United States, 293 F. 1013 (D.C. Cir. 1923)).

• The Frye standard for expert testimony is currently only applicable under Pennsylvania law.

• Adopted by Pennsylvania in Commonwealth v. Topa, 369 A.2d 1277 (Pa.


Frye Standard — General Acceptance Test

• "The requirement of general acceptance in the scientific community assures that those most qualified to assess the general validity of a scientific method will have the determinative voice." Topa, 369 A.2d at 1282.

• Grady v. Frito-Lay, Inc. — Frye standard continues to be the standard for expert testimony in Pennsylvania, despite the holding in Daubert.

• 576 Pa. 546, 839 A.2d 1038 (2003).


Reliance by Experts

• May not repeat another's opinion or data

• May testify by opinion or reference to an ultimate issue in the case in most circumstances

• Firsthand Knowledge

• Facts that have been stipulated or introduced into evidence prior to expert testimony


Reliance by Experts (continued)

• Inadmissible Evidence

• May still be relied upon by experts

• Hearsay and facts that are normally relied upon by others in that expert's profession or field of practice


Admissibility of Business Records

• Pennsylvania
  • Uniform Business Records as Evidence Act — 42 Pa. Cons. Stat. 6108
  • Uniform Photographic Copies of Business and Public Records as Evidence Act — 42 Pa. Cons. Stat. 6109

• Federal
  • Fed. R. Evid. 806(3) — Records of Regularly Conducted Activity


Disclosure of Facts and Data

• Disclosure of facts and data underlying expert's opinion

• Pa. R. Evid. 705 — The expert may testify in terms of opinion or inference and give reasons therefore; however, the expert must testify as to the facts or data on which the opinion or inference is based.

• Fed. R. Evid. 705 does not require an expert witness to disclose the facts upon which an opinion is based. The cross-examiner bears the burden of probing the basis of the opinion.


Experts and Privileged Information

• Currently, Fed. R. Civ. P. 26 states that any materials furnished to an expert that he uses in forming his opinion are no longer privileged or otherwise protected.

• Amendment to Fed. R. Civ. P. 26, effective December 1, 2010, seeks to provide greater protection to communications between attorneys and their experts.


Summaries of Books, Entries, and other Sources of Data

• 3 types of summaries per United States v. Bray, 139 F.3d 1104 (6th Cir. 1998).

• Primary evidence summaries

• Pedagogical device summaries or illustrations

• Secondary evidence summaries

• Pa. R. Evid. 1006 — The contents of voluminous writings, recordings or photographs which cannot conveniently be examined in court may be presented in the form of a chart, summary, or calculation. The originals, or duplicates, shall be made available for examination or copying, or both, by other parties at reasonable time and place. The court may order that they be produced in court.

• Identical to Fed. R. Evid. 1006


Summaries (continued)

• Distinction between summaries under Fed. R. Evid. 1006 and Fed. R. Evid. 611(a)

• Rule 1006 — the chart/summary itself is admitted as evidence

• Rule 611(a) — the chart/summary is used to facilitate the presentation of evidence already in the record and is not itself admissible


Summaries (continued)

• In order to be properly admitted under Rule 1006, the proponent of the evidence must demonstrate:

• That the writings/records are voluminous

• That the originals themselves are admissible

• That the originals can be made available to the litigants and the court if so ordered

• That the summary/chart is a short restatement of the main points of a single document


Joseph R. Krzywicki, CTP

Senior Vice President, Market Manager

PNC Bank Treasury Management

Joe has spent the majority of his career assisting corporate clients with the design and implementation of solutions that generate working capital efficiencies while managing both internal and external risks. Joe is currently responsible for management of the business development process for treasury management clients. His primary market is Pennsylvania; his teams assist clients in the manufacturing, real estate, wholesale, service, healthcare and public sectors. Joe also manages PNC Bank’s Treasury strategy for the Real Estate industry on a national basis. In this role he is responsible for developing and implementing a strategy that can be consistently applied across the PNC network to bring value to this unique and challenging industry.

With his combination of experience from the provider and the user side of the financial services industry, Joe is able to identify and relate to business challenges and develop solutions through treasury management and technology applications. Business practices like accounting, budgeting and cash management can be simplified, automated, enhanced and controlled to improve a company’s competitive position. In addition to his primary focus, Joe has been integral in PNC’s acquisitions and integrations, including mentoring others from acquired institutions.

Joe is a graduate of Villanova University where he majored in Finance. He is also pursuing a Master’s degree in Accounting from the University of Scranton. Joe enjoys community volunteer activities, and has worked for various community outreach organizations, including Good Shepherd School Board, Chair of the Good Shepherd School Development Committee, the United Way and coaching various youth sports. Joe is also active in the Treasury Management Association of Central PA where he serves as Vice President.

Mr. Krzywicki’s contact information is listed below:

Joseph Krzywicki
PNC Bank
4242 Carlisle Pike
Camp Hill, PA 17011
717-730-2272


Gary J. Bukeavich, CTP

Vice President

PNC Bank Treasury Management

Gary has been employed with PNC Bank since April 2008. With over 20 years of banking experience, he is responsible for the sale of Treasury Services to corporate and municipal clients throughout Lancaster, Berks, York, and Adams County. Previously, Gary held positions in Global Treasury Management and Commercial Lending.

Gary is a graduate of King’s College, Wilkes-Barre, PA, where he received a Bachelor of Science degree in Business Administration. He received a Masters degree from Wilkes University. Additionally, he is an Honors’ graduate of the Central Atlantic School of Commercial Lending. Gary is a member of the Association for Financial Professionals; The World Trade Center of Central Pennsylvania; the Bankers Association for Finance and Trade; and volunteers for the Lancaster Chamber of Commerce; The Pennsylvania Economy League, and Junior Achievement.

Mr. Bukeavich’s contact information is listed below:

Gary Bukeavich
PNC Bank
101 North Pointe Blvd
Lancaster, PA 17601
717-735-5610


This presentation is delivered by PNC on the condition that it be kept confidential and not be shown to, or discussed with, any third party, including any financial institution (other than on a confidential or need-to-know basis with the recipient’s directors, officers, employees, counsel and other advisors, or as required by law), or used other than for the purpose of evaluating the services in this presentation, without PNC’s prior written approval.

Fraud and Risk Mitigation – Knowledge and Strategies

For

Central Pennsylvania - Association of Certified Fraud Examiners

Presented by:

Joe Krzywicki, CTP - Senior Vice President- Market Manager

Gary Bukeavich, CTP – Vice President – Treasury Management Officer

PNC Bank Treasury Management


FBI Philadelphia Division

Harrisburg Resident Agency

Computer Crime Program


The Threat To Business

• Failure in Confidentiality/Integrity
  – Loss of Customer Data
    • Financial, Health Info.
  – Loss of Intellectual Property
  – Identity Theft
  – Direct Financial Loss
  – Reputational Damage


CURRENT FBI INVESTIGATIVE PRIORITIES

1. Protect the U.S. from terrorist attack
2. Protect the U.S. against foreign intelligence operations and espionage
3. Protect the U.S. against cyber-based attacks and high-technology crimes
4. Combat public corruption at all levels
5. Protect civil rights
6. Combat transnational/national criminal organizations
7. Combat major white-collar crime
8. Combat significant violent crime
9. Support federal, state, local and international partners
10. Upgrade technology for successful performance of the FBI’s mission


60 Minutes – Sabotaging the System


Information Age Crime

• Crime follows money…

“Automated crime is conducted entirely in the time-scale of computers, in only a few milliseconds… no human interruption or interaction... no human recognition until it is completely finished and disappears...”

Donn B. Parker, Automated Crime

Copyright CSI 1999, All Rights Reserved


Threat Follows Value

The 1950s American bank robber Willie Sutton was asked why he robbed banks. He said he robbed banks because,

“That’s where the money is.”

Today, the money is in Cyberspace

The Internet provides for criminals the two capabilities most required for the conduct of criminal activities:

Anonymity & Mobility


Access via Capability

[Figure: "Cost & Means of Attack". Axes: cost of capability against year (1945, 1955, 1960, 1970, 1975, 1985, 1990, Today). Means of attack labeled on the chart: Invasion; Bomber w/Nuke; Missiles (ICBM & SLBM); Cruise Missile; Precision Guided Munitions; Computer.]


Fraud in the News!

AFP News – January 2009 - Fraud Rises as Economic Crisis permeates

“This month the theme is fraud and in these turbulent economic times, the risk of fraud is higher than ever.”

AFP Fraud Survey – March 2008

“Seventy-one (71) percent of organizations experienced attempted or actual payments fraud in 2008, down 1% from 2007. Thirty (30) percent of survey respondents report that incidents of fraud increased over last year, down 9%. Checks continue to be the preferred target of thieves as nearly all organizations that experienced payments fraud were victims of attempted check fraud. Other targeted payment types for fraud include:

- ACH debits (28 vs 35 percent in 2007)
- Consumer credit/debit cards (17 vs 18 percent in 2007)
- Corporate purchasing cards (14 percent remained the same)
- ACH Credits (7 percent)
- Wire Transfers (6 percent).”


Environment

• Fraud Methods and Targets
  – Prime Targets: Card and Online Banking
  – Rising individual, corporate and bank losses
  – Consumers more at risk than ever
  – Corporates have IT infrastructure and other controls to mitigate risk

• Regulators pushing Financial Institutions to help protect consumers and corporations, but laws and regulations do not reduce corporate or individual ultimate exposure

• Security a priority for banks

• Internet channel increasingly critical to business


Regulators: What have they done?

“The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high risk transactions involving access to customer information or the movement of funds to other parties…”

• FFIEC…Federal Financial Institutions Examination Council

• Body of gov’t agencies responsible for regulating banks issued new guidance on authentication in response to increased threats and fraud cases


How were/are we protected?

Prior: Single factor:

• ID and password

Now: Layered Security Enhancements:

• Token
• Digital certificate
• Suspicious Behavior monitoring
• ID Theft Security Grid
• Logon Authentication
• Transaction Anomaly monitoring

Something a person has done versus now requested


Example: Risk-Based Authentication

How it works:

[Flow diagram. Labels recovered from the slide: Login (Company ID, User ID, Password; 3 strikes); Fraud Detection Software; Anomaly Detection; Risk Score (HIGH / LOW); secret question (PASS / FAIL); Fraud Network / Blacklists (Match / No Match); User denied access; Token (required). Services shown: Reporting, Administration, Information Reporting, A/R Advantage, Check Mgmt, Positive Pay, Acct Transfer, ACH, Wire.]


Transaction Fraud


Check Fraud Types

• Altered Checks (payee or amount)

• Forged Drawer

• Forged Payee

• Counterfeit

• Drawn on closed accounts

• Identity theft


Check Fraud Types

• More than 75% business payments still made by check

• 93% of payment fraud is through checks

• 75% did not suffer financial loss

• 86% credit Positive Pay/Reverse Positive Pay

• Of 25% who suffered loss, 42% blame not using some form of Positive Pay

Source: 2008 AFP Payment Fraud Survey


Check Security Issues

Issue

• Signature Forgery on Checks - 26% of “bad checks” - 500 million annually
• Counterfeit Checks - 15% of all fraud items
• Check Content Alteration
• Courtesy Amount / Legal Amount Mismatch detection
• Payee & Positive Pay to ID mismatches

Technical Solution

• Approach using multiple algorithms and tests applied against segments of a signature
• Automated check stock verification and use of imbedded symbols
• Image analysis and pattern recognition technology
• Algorithms, behavioral and shape recognition, spacing etc.
• Bank use of issued check information to match every inbound item presented; mandatory internal review daily!


Comprehensive Fraud Detection Solutions

Secure Seal Encoding: Encoded graphic includes issue information

Positive PayPLUS: Detects altered payee line and other variable fields

Digital Signature Verification: Signature snippets analyzed for consistency and verification

Check Stock Validation: Analyze all static elements of the check
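
The matching step behind Positive Pay as the slides describe it (issued check information matched against every inbound item, including the payee line), shown as an added example that is not PNC's implementation or part of the original deck. Record fields, status values and reason codes are assumptions, and the issue file and presented items are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class IssuedCheck:
    account: str
    serial: str
    amount: Decimal
    payee: str
    status: str = "outstanding"  # assumed values: outstanding, void, stopped


@dataclass(frozen=True)
class PresentedItem:
    account: str
    serial: str
    amount: Decimal
    payee: str  # payee line as read from the presented item


def normalize_payee(name: str) -> str:
    """Compare payees on letters and digits only, ignoring case and punctuation."""
    cleaned = "".join(ch if ch.isalnum() else " " for ch in name.upper())
    return " ".join(cleaned.split())


def match_presentment(issue_file, presented):
    """Return (serial, decision, reasons) for each presented item, in order."""
    issued = {(c.account, c.serial): c for c in issue_file}
    paid = set()
    decisions = []
    for item in presented:
        key = (item.account, item.serial)
        record = issued.get(key)
        reasons = []
        if record is None:
            reasons.append("NOT_ISSUED")  # counterfeit or unreported check
        else:
            if record.status != "outstanding":
                reasons.append("VOID_OR_STOPPED")
            if key in paid:
                reasons.append("DUPLICATE_PRESENTMENT")
            if item.amount != record.amount:
                reasons.append("AMOUNT_MISMATCH")  # altered amount
            if normalize_payee(item.payee) != normalize_payee(record.payee):
                reasons.append("PAYEE_MISMATCH")  # altered payee line
        if reasons:
            decisions.append((item.serial, "EXCEPTION", reasons))
        else:
            paid.add(key)
            decisions.append((item.serial, "PAY", []))
    return decisions


def build_sample():
    """Constructed issue file and one day's presented items."""
    acct = "ACCT-CONSTRUCTED"
    issue_file = [
        IssuedCheck(acct, "5001", Decimal("1250.00"), "Acme Supply Co."),
        IssuedCheck(acct, "5002", Decimal("89.10"), "J. Smith"),
        IssuedCheck(acct, "5003", Decimal("400.00"), "Keystone Freight LLC", "void"),
        IssuedCheck(acct, "5004", Decimal("75.00"), "Harbor Office Products"),
    ]
    presented = [
        PresentedItem(acct, "5001", Decimal("1250.00"), "ACME SUPPLY CO"),
        PresentedItem(acct, "5002", Decimal("8910.00"), "J. Smith"),
        PresentedItem(acct, "5004", Decimal("75.00"), "R. Jones"),
        PresentedItem(acct, "5003", Decimal("400.00"), "Keystone Freight LLC"),
        PresentedItem(acct, "9999", Decimal("300.00"), "Acme Supply Co."),
        PresentedItem(acct, "5001", Decimal("1250.00"), "Acme Supply Co."),
    ]
    return issue_file, presented


if __name__ == "__main__":
    for serial, decision, reasons in match_presentment(*build_sample()):
        print(serial, decision, ",".join(reasons))
```

Every EXCEPTION row is what feeds the daily internal review the slide calls mandatory; the matcher only sorts items, and a person decides whether to pay or return each exception.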


Check Fraud – Image Survivability

Image Survivability refers to the likelihood that a check security feature will still be useful after the check has been converted to an IRD or image.

Unfortunately, most security features today do not survive the image conversion process. However, work continues on new technologies that are survivable.

Image-Survivable Check Security Features (ICSF)

2D Bar Codes


Check Fraud – Image Survivability

Q. If most features are not ICSF’s, do I still need secure check stock?

A. Yes, because of “ordinary care” (UCC 3-103) and “comparative negligence” (UCC 3-406) standards


Check Features – Fraud Prevention

Features to consider:

• Toner Lock
• Secure Font
• Void Pantograph
• Laid Lines
• Chemically reactive paper
• Microprinting


Check Fraud – Prevention

• Segregation of Duties
• Reconcile Bank Accounts
• Timely Report Fraud
• Train Reconcilement Employees
• Written Policy and Procedure
• Periodic Audits
• Securely Store Facsimile Signatures, Records, Documents
• Require Multiple Signatures for Large Dollar Checks
• Centralize Disbursements
• Know your Employees
• Enforce Mandatory Vacation Policy
• Utilize Secure Check Stock
• Use Bank Services!


Phishing/Vishing

The art of socially engineering an individual into giving up their personal information through one of many possible techniques.


Keylogger

User connects to legitimate webpage that has been compromised. A program within that web page calls out and downloads a keylogger.


ACH Fraud

• Phishing
• Unauthorized debits


ACH Fraud – Phishing Defenses

• Multi-factor authentication
• Dual control over database changes
• Token at log-in for funds transfer services
• Best Practice: Dedicated PC with no e-mail


ACH Fraud – Unauthorized Debits

• Like check fraud, only easier
  – Use your account and routing number to make on-line purchases
• Leaves a better trail, but less physical effort/risk
  – A key concern of NACHA’s Risk Management Advisory Group (RMAG)
  – Recovery of funds possible but time consuming
• ODFI Warranties under Section 4.2
• Best Defenses
  – Debit authorization
  – UPIC (Universal Payment Identification Code)


ACH Debit Authorization

• Protects companies from unauthorized ACH debit transactions
• Block all
• Filtered – client provides the Bank a list of authorized companies allowed to debit the account.


ACH Positive Pay

• Any ACH debits not automatically paid can be reviewed online, where a “pay” or “return” decision can be made


A UPIC is a unique account identifier issued by financial institutions that allows companies to receive electronic payments without divulging confidential banking information.

• A UPIC looks and acts like a standard bank account number, and travels through the ACH network with the Universal Routing and Transit number
• Thus companies don’t have to be worried about listing UPIC information on their websites
• UPIC can only be used for ACH credit payments


What Else is Available to Protect You?

Organizations turn to a number of fraud control services provided by their banks, including:

• Positive Pay/Reverse Positive Pay/Payee Positive Pay
• ACH debit blocks/Filters
• “Post no checks” restriction on depository accounts

Organizations may opt out of particular fraud control services for a number of reasons:

• their management is confident that the organization’s internal processes are adequate,
• the service is perceived to be too expensive, and/or
• the organization does not issue a sufficient number of checks to justify the cost.

Organizations can develop and/or modify internal business processes to mitigate potential payments fraud risks. Processes considered important include:

• Stopped providing payment instructions by phone or fax
• Increased use of electronic payments for business-to-consumer and business-to-business


Scams

• Nigerian 419 Scam
• Disaster Relief Fraud
• Inheritance Scams
• Lottery Scam
• Internet Auction Scam
• Phishing and Pharming
• Survey and Other Offer Scams
• Text Message Scams
• Telephone Scam
• ATM and Debit Card Scams


It’s not ALL about the Internet


ATM Scams


PIN Pad


Card Skimming


Laptop computer

Skimming


Laptop computer

Skimming and PIN Capture


Summary

• Fraud & Data Security are rising issues
• Use of Multi-level Security shows promise with further evolution and application
• Flexibility woven into Products and Services can assist in preventing fraud and minimizing risk when used
• At PNC, security and risk assessment are built into every product and carefully monitored
• Ease of use and relative security must be balanced with costs
• Education about fraud and risk is key to prevention!


QUESTIONS?


Michael Breon Pertrolance, LLC Harrisburg, PA 717-579-3277

[email protected] www.pertrolance.com

Michael Breon is the founding Member of Pertrolance, LLC where he provides various internal audit and fraud consulting services. Prior to establishing Pertrolance, he was a senior manager in Deloitte’s Enterprise Risk Services practice. Mike’s corporate experience includes managing the retirement plans for the Hershey Company as well as serving in their Internal Audit Department. He also has fifteen years of varying experience in the construction industry. Mike’s past work in public accounting has also included leading audits in the medical, insurance, manufacturing, low income housing, and not for profit sectors. He is a Certified Public Accountant (CPA), Certified Internal Auditor (CIA), and a Certified Fraud Examiner (CFE). His recent client experience includes providing internal audit services primarily in the manufacturing and consumer business sectors. Mike graduated from Pennsylvania State University, Harrisburg with a B.S. in Professional Accountancy and later received his MBA from the same institution. He is a past President and currently 1st Vice President of the Central Pennsylvania Chapter of the Institute of Internal Auditors (IIA). Mike has co-authored and taught two of the IIA’s fraud programs “Internal Auditing for Fraud” and “Purchasing Fraud: Auditing and Detection Techniques”. His article, “Improving Client Relations” was published in the October 2009 edition of Internal Auditor Magazine. He is currently researching and writing a program on managing supply chain risk.


Managing the Expectations Gap

Michael Breon CPA, CFE, CIA

PERTROLANCE, LLC

www.pertrolance.com

Fraud & Internal Audit Training Strategic Internal Audit Services Fraud Prevention & Investigation 

BUILD AWARENESS OF THE EXPECTATIONS GAP WHEN IT COMES TO FRAUD & HOW YOU CAN MITIGATE THE RISK


What is the Expectations Gap?

The expectations gap is the difference between what is required to be done (in this case based upon professional standards) versus what uninformed users of the work expect the outcome to be or include.


WHO FINDS FRAUD?

Source: ACFE 2010 Report to the Nations


WHO IS SUPPOSED TO FIND FRAUD?

• External Auditors
• Internal Auditors
• Loss Prevention
• Management
• Employees
• Police
• FBI
• Customers
• Vendors
• Consultants
• CFEs

DEPENDS ON WHO YOU ASK…EVERYONE


EXTERNAL AUDITORS


Fraud In Financial Statements

Many members of the public expect that:

• Auditors should accept prime responsibility for the financial statements
• Auditors “certify” financial statements
• An unqualified opinion guarantees the accuracy of financial statements
• Auditors perform a 100% check
• Auditors are supposed to detect all fraud

These Misconceptions Are Essentially the Expectations Gap.


Fraud In Financial Statements

REVIEW THE AUDIT ENGAGEMENT LETTER…(HANDOUT)

THE IMPROPER EXPECTATIONS ARE CLEARLY ADDRESSED… THE INVESTOR / AUDITOR EXPECTATIONS GAP LARGELY BOILS DOWN TO THE NEED FOR FINANCIAL EDUCATION.


Fraud In Financial Statements

GOVERNMENT & PROFESSION RESPONDS TO FRAUD AND STAKEHOLDER EXPECTATIONS…

CHANGES TO PROFESSIONAL AUDIT STANDARDS & OVERSIGHT 

• SAS99
• Risk SASs (104-111)
• PCAOB / SEC (Registration / Audit Standards – AS5)


INTERNAL AUDITORS

Management and Audit Committee Expectations

• IA focuses on risk; including fraud risk

• Procedures to identify fraud are included in audit testing

• IA will find fraud if it is occurring

• If internal audit was just there, everything should be fine


Internal Audit’s Road Blocks

• I don’t know how to audit for fraud

• I know management; they would never commit fraud

• I don’t have time

• Management knows the business process much better than I do; I have to rely on them to determine what is correct

• Management intimidates internal auditors

• Management stonewalls auditors


Internal control starts with a strong set of policies and procedures.

Fact or Fiction

Internal control starts with a strong control environment.

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


Management is the owner of internal control. 

Fact or Fiction

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


Internal control is a finance thing. We do what the controller’s office tells us to do.

Fact or Fiction

Internal control is integral to every aspect of the business. 

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


Internal control makes the right things happen the first time and every time.

Fact or Fiction

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


With downsizing and empowerment, we need different forms of control.

Fact or Fiction

With downsizing and empowerment, we have to give up a certain amount of control.

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


If controls are strong enough, we can be sure there will be no fraud, and financial statements will be accurate.

Fact or Fiction

Internal controls provide reasonable, but not absolute, assurance that the organization’s objectives will be achieved. 

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


Internal controls should be built into, not onto, business processes. 

Fact or Fiction

─Source:  IIA Tone at the Top, November  2003, “Controls Are Everybody’s Business”


FRAUD EXAMINERS

Stakeholder Expectations

• Auditors have the skills of fraud investigators (CFE’s)

• Fraud or wrongdoing can be clearly established

• Guilt or innocence will be established

• Financial statement fraud can be eliminated by using forensic audits


Fraud Examiner Realities

• Auditors do not have the same skills as trained / experienced fraud investigators – nor should they

• Sometimes facts / evidence is just not sufficient to prove fraud

• Only a jury or judge can affix blame

• Forensic audits are costly endeavors.  Stakeholders must weigh the cost / benefit


WHAT CAN WE DO???

• BECOME ACTIVE IN EDUCATING THE PUBLIC – FINANCIAL LITERACY

• CLEARLY DEFINE SCOPE OF ENGAGEMENTS & COMMUNICATE WITH ALL STAKEHOLDERS

• ENCOURAGE ORGANIZATIONS TO IMPLEMENT FRAUD PREVENTION STRATEGIES

• DEPLOY THE PROPER TALENT BASED UPON THE TASK AT HAND

• ALWAYS USE ENGAGEMENT LETTERS

• DOCUMENT, DOCUMENT, DOCUMENT

• ALWAYS FOLLOW PROFESSIONAL STANDARDS


QUESTIONS / COMMENTS


Michael Breon CPA, CFE, CIA

Member

Pertrolance, [email protected]

717.579.3277

www.pertrolance.com


NATHAN C. PLATT, ESQUIRE

Nathan C. Platt, Esquire graduated from the State University of New York at Fredonia in 1999 earning a Bachelor of Science in Accounting. In 2004, Attorney Platt received his Juris Doctor from the University of Pittsburgh School of Law. While at law school he served as Editor-In-Chief of the University of Pittsburgh School of Law Journal of Technology Law and Policy. He also interned at Deloitte & Touche, LLP in its Taxation program and was a finalist in the Murray S. Love Trial Moot Court Competition.

In addition, Nathan earned his Master of Business Administration (MBA) from Clarkson University in 2000. While earning his MBA, he served as Lead Consultant for the business school’s Canadian-U.S. Business Consulting Service. In 2000, Nathan was awarded Clarkson University’s Graduate School of Business’s Leadership Award. After attending business school, Nathan worked for IBM’s Technology Division in Burlington, Vermont. While at IBM, he served in IBM’s Capital Equipment Engineering group working with equipment engineers to strategize and negotiate the purchase of semiconductor equipment for IBM’s global semiconductor line. While working for IBM, Nathan conducted global business with IBM partners in England, France, Ireland, and Singapore. Attorney Platt is a member of the Pennsylvania Bar and York County Bar Associations and serves on the board of the United Way of York County. Nathan has been a small business owner and franchisee in Syracuse, New York. Attorney Platt’s areas of practice include business law, commercial litigation, wealth preservation and tax planning, real estate transactions, and technology law.

 


e-Discovery and Implications of Web 2.0 and Social Networking

Presented By :

Nathan C. Platt, Esq. Robert C. Fratto

[email protected] [email protected]


- Introductions:

Nathan C. Platt, Esquire

Partner

Background: IBM Technology Division – Burlington, Vermont; Deloitte & Touche, LLP – Pittsburgh, Pennsylvania; Attorney Stock and Leader, P.C. – York, Pennsylvania

Small business owner – Syracuse, New York

Education: JD – University of Pittsburgh School of Law; Editor-In-Chief of the Journal of Technology Law and Policy; MBA – Clarkson University; BS in Accounting – State University of New York at Fredonia

Robert C. Fratto, Esquire

Attorney

Background:

Education:


(AGENDA)

What is e-Discovery?

Why e-Discovery is Important?

Updates on Recent Case Law.

Changes to the Federal Rules of Civil Procedure.

Web 2.0 What? Social Networking What?

Basic Guidelines and Best Practices on How to Deal with e-Discovery Issues.


(Presentation Scope)

The handling of legal issues depends on the unique facts of each case, circumstance and applicable law.

This program is not intended to provide specific legal advice on any particular matter, but is designed to give general information which we hope will be of interest to you.


7 Trillion emails are sent annually and growing;

The average employee deals with 60-200 emails daily;

CYA Emails

E-Discovery Basics


Only 0.01% of newly created information is stored in paper. Peter Lyman & Hal Varian, How Much Information? (Berkeley)

“30[%] of electronic information is never printed to paper.” SEDONA PRINCIPLES: Best Practices, Recommendations & Principles for Addressing Electronic Document Production

E-Discovery Basics


1. It’s easier to create than paper information;

2. People save multiple drafts and forms of the information until we finally have a final version;

3. Electronic information is so easy to store and save;

“Characteristics of electronic information”


4. It’s also easy to forget about because it’s hidden;

5. Email communications are generally less formal and thoughtful than other correspondence;

6. People are more likely to make candid comments in electronic correspondence, which can have significant impact in litigation;

7. Multiple Dynamic Formats.

“Characteristics of electronic information”


Today, an estimated 93 to 97 percent of documentary evidence -- correspondence, reports, invoices, financial records, etc. -- exists only in electronic form. For any given case, you can find this evidence in dozens of digital file formats, although the most common are standard types of office productivity files: Microsoft Word documents (.doc), Excel spreadsheets (.xls), PowerPoint presentations (.ppt), Outlook e-mail (.pst), Adobe Portable Document Format (.pdf), and so on. A document in the digital file format in which it was created is called a "native file."

“Characteristics of electronic information”


1. Electronic Information is potentially valuable evidence!

"[A]ny matter, not privileged . . . relevant to the claim or defense of any party. . . . if the discovery appears reasonably calculated to lead to . . . admissible evidence."

Encompasses electronically stored information. You're probably going to get it or have to produce it!

FRCP 26 (b)(1) <www.law.cornell.edu/rules/frcp/Rule26.htm>

“Why e-Discovery is Very Important”


2. Smoking Gun Emails!

Multiple Audiences (“Green Eggs & Ham”) Test:

- Would you like it in the press?

- Would you like it on a competitor’s desk?

- Would you like it in the government’s hand?

- Would you like to read it on the stand?

IF NO to any of these, then ……

---- Do Not Send It, Sam I AM!

“Why e-Discovery is Very Important”


3. Meta Data

Evidence can be more than originally meets the eye!

4. Adverse Inference Instructions; Sanctions; and Costs; Obstruction of Justice Charges; Civil Liability; Ethical Violations; Evidence Exclusion; ….You may have your case thrown out of court.

“Why e-Discovery is Very Important”


Zubulake v. UBS Warburg LLC, 216 F.R.D. 280 (S.D.N.Y., Jul. 24, 2003) (I) *

Zubulake v. UBS Warburg LLC, 216 F.R.D. 280 (S.D.N.Y., Oct. 22, 2003), (II) *

Zubulake v. UBS Warburg LLC, 217 F.R.D. 309 (S.D.N.Y., 2003), (III) *

Zubulake v. UBS Warburg LLC, 2004 WL 1620866 (S.D.N.Y., 2004), (IV) *

Zubulake v. UBS Warburg LLC, 2005 WL 627638 (S.D.N.Y., 2005), (V) *

Case Law


- FRCP now codifies “ESI” – Electronically Stored Information in the discovery context.

- Became effective in December 2006.

- Federal Rules may be used by state courts as examples for how to deal with e-Discovery issues.

“Codification in the Federal Rules of Civil Procedure”


- Facebook

- Instant Messenger (Intranet and Extranet)

- LinkedIn

- Texting

- Posting

- eJournals

- Blogging

- Video Messaging - Data & Relationship Mapping

“Web 2.0 What? and Social Networking Who?”

Any good information here???

Maybe some of the best yet!!


Home grown cases?

E-Discovery Orders – YES

(Real Life Examples / Don’t Forget Public Record Law)

Case Law


1. Recognize and advise clients on duties to preserve electronic information – LITIGATION HOLDS;

2. Advise clients to have a written document retention policy that covers ESI;

3. Avoid Spoliation Issues;

4. Federal case law suggests burden is on counsel to actively deal with e-Discovery issues;

5. Deal with issues upfront. Come to agreement with opposing counsel if possible;

6. Meet with your client’s IT staff and key litigation players regularly for education. Understand their systems and policies.

“Basic Guidelines and Best Practices on How to Deal with e-Discovery Issues”


7. Work with the right outside vendors. Find out their capabilities and limitations.

8. Methodologies for Managing an e-Discovery Project

1. Determining Scope

2. Search criteria

3. Where to look and how to review (privilege / relevancy);

4. How to produce;

5. Chain of Custody; preservation of data integrity.

“Basic Guidelines and Best Practices on How to Deal with e-Discovery Issues”


“Conclusion and Discussion”

“Hopefully this presentation gives you an additional understanding of e-Discovery and some tools to use”

E-Discovery


THANK YOU FOR YOUR TIME, ATTENTION, AND CONSIDERATION!

E-Discovery Basics


Any Questions?

Presented By :

Nathan C. Platt, Esq. Robert C. Fratto, Esq.

[email protected] [email protected]